Agent Permission Standard
Capability-based security for autonomous agents: what they may do, how much they may spend, who they may delegate to, and how it is all revoked and audited.
01Abstract
Defines how autonomous AI agents request, receive, and manage permissions to perform actions on behalf of users. It establishes delegation chains, capability boundaries, and revocation mechanisms for agent authorities.
02Key concepts
Agent identity
Each agent has a verifiable identity and declared capabilities, with a trust score and certifications that build over its action history.
Capability boundaries
Permissions enumerate exact action types (read, write, execute, spend, delegate, call external APIs, train) as an explicit allow-list.
Hard limits
Spend caps, rate limits, allowed domains, cooldowns, and per-action confirmation keep an agent inside guardrails the user sets.
Delegation & revocation
Agents can delegate to other agents along auditable chains, and any authority can be revoked, including in an emergency.
03Core operations
- requestPermission(agentId, actions, boundaries)
- grantPermission(...) / revokePermission(...)
- delegate(fromAgent, toAgent, scope)
As agents start acting on our behalf, LCS-003 is the seatbelt: explicit capabilities, financial and operational limits, and an audit trail for every action, with a kill switch.
04Full specification
The complete, canonical specification for LCS-003 lives in the standards repository and is always the source of truth.
Read on GitHub